Inmate network priming

ABSTRACT

A method for network priming for an inmate of a controlled facility includes receiving authentication credentials for the inmate to access a third party social network, importing social network contacts from the third party social network, filtering the social network contacts for prohibited contacts, presenting the inmate with the social network contacts, receiving, from the inmate, a selection of social network contacts to obtain selected social network contacts, and populating a secure social network list of the inmate with the selected social network contacts.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is related to U.S. patent application Ser. No.13/438,940 filed on Apr. 4, 2012, entitled “Secure Social Network.” U.S.patent application Ser. No. 13/438,940 is incorporated by reference inits entirety.

BACKGROUND

Controlled facilities, such as a jail, prison, secure detentionenvironments, detention facility, secured hospital, or addictiontreatment facility, house large populations of individuals inconfinement, which presents unique administrative challenges. In suchdetention environments, detained individuals, such as prisoners,offenders, convicts, military personnel, patients, government clearedpersonnel, or other detainees, frequently desire to communicate withindividuals outside the detention environment such as friends or familymembers.

SUMMARY

In general, in one aspect, embodiments relate to a method for networkpriming for an inmate of a controlled facility. The method includesreceiving authentication credentials for the inmate to access a thirdparty social network, importing social network contacts from the thirdparty social network, filtering the social network contacts forprohibited contacts, presenting the inmate with the social networkcontacts, receiving, from the inmate, a selection of social networkcontacts to obtain selected social network contacts, and populating asecure social network list of the inmate with the selected socialnetwork contacts.

In general, in one aspect, embodiments relate to a system for networkpriming for an inmate of a controlled facility. The system includes acomputer processor, a database server, and a network application thatexecutes on the computer processor. The database server includes aninmate account including a secure social network list. The networkapplication includes a controlled setup module. The controlled setupmodule is configured to receive authentication credentials for theinmate to access a third party social network, import social networkcontacts from the third party social network, filter the social networkcontacts for prohibited contacts, present the inmate with the socialnetwork contacts, receive, from the inmate, a selection of socialnetwork contacts obtain selected social network contacts, and populate asecure social network list in the inmate account with the plurality ofselected social network contacts.

In general, in one aspect, embodiments relate to a non-transitorycomputer readable medium for network priming for an inmate of acontrolled facility. The non-transitory computer readable mediumincludes computer readable program code for receiving authenticationcredentials for the inmate to access a third party social network,importing social network contacts from the third party social network,filtering the social network contacts for prohibited contacts,presenting the inmate with the social network contacts, receiving, fromthe inmate, a selection of social network contacts to obtain selectedsocial network contacts, and populating a secure social network list ofthe inmate with the selected social network contacts.

In general, in one aspect, embodiments relate to a method for networkpriming for an inmate of a controlled facility. The method includesimporting mobile device contacts from a mobile device used by theinmate, filtering the mobile device contacts for prohibited contacts,presenting the inmate with the mobile device contacts, receiving, fromthe inmate, a selection of mobile device contacts to obtain selectedtelephone contacts, and populating a telephone list of the inmate withthe plurality of selected telephone contacts.

Other aspects of the invention will be apparent from the followingdescription and the appended claims.

BRIEF DESCRIPTION OF DRAWINGS

FIGS. 1-7 show schematic diagrams of a system in one or more embodimentsof the invention.

FIGS. 8-10 show flowcharts of a method in one or more embodiments of theinvention.

DETAILED DESCRIPTION

Specific embodiments of the invention will now be described in detailwith reference to the accompanying figures. Like elements in the variousfigures are denoted by like reference numerals for consistency.

In the following detailed description of embodiments of the invention,numerous specific details are set forth in order to provide a morethorough understanding of the invention. However, it will be apparent toone of ordinary skill in the art that the invention may be practicedwithout these specific details. In other instances, well-known featureshave not been described in detail to avoid unnecessarily complicatingthe description.

In general, embodiments of the invention provide a method and system fornetwork priming for an inmate of a controlled facility. Specifically,embodiments of the invention control which contacts an inmate can havein a secure social network. More specifically, social network contactsof the inmate are imported from a third party social network of theinmate. The social network contacts are filtered for prohibitedcontacts. In other words, contacts that the inmate does not havepermission to communicate with are removed from the social networkcontacts. The remaining contacts are approved for communication. Theinmate may be presented with remaining contacts, and select, from theremaining contacts, which contacts to add from the social network. Thus,those contacts are added to the inmate social network.

One or more embodiments may further add contacts from an inmate's mobiledevice. For example, if the inmate enters the controlled facility with amobile phone, one or more embodiments add approved contacts in themobile phone to the inmate's telephone network and/or social network.

Embodiments of the invention may include interactions with a securesocial network. In one or more embodiments of the invention, a securesocial network is a network application that facilitates and secures theexchange or transmission of information between two or more parties inwhich at least one of those parties is subject to special security orlaw enforcement restrictions or otherwise resides in, or is subject tothe controls of a controlled facility. Exchanged or transmittedinformation may be member generated, such as a photo or a video message,or it may be member-curated, such as a news headline, a famous quote, ora sports score.

FIG. 1 shows a diagram of a system in accordance with one or moreembodiments of the invention. As shown in FIG. 1, the system includes acontrolled facility (100), an outside facility (102), third partyproviders (104), and an outsider computing device (106) eachcommunicatively coupled to a communications network (108). Thecontrolled facility (100) may include, but is not limited to, a kiosk(110), an administrator application (112), an inmate phone (114), and aninmate computing device (116). The outside facility (102) may include anapplication server (118) and a database server (120). The third partyproviders (104) may include a media server (122), a web server (124),and a datacenter (126). The outsider computing device (106) may includean outsider application (128).

In one or more embodiments of the invention, a controlled facility (100)is an access-restricted location. Examples of controlled facilities(e.g., controlled facility (100)) include, but are not limited to,detention environments (e.g., jails, prisons, etc.), immigrationdetention centers, military centers, government secure sites, lawenforcement holding structures, secure business complexes, andpsychiatric hospitals.

In one or more embodiments of the invention, an inmate is a personwithin a controlled facility (100) who is subject to one or morerestrictions, primarily to his or her freedom or rights. Examples ofinmates include, but are not limited to, prisoners, wards of the state,parolees, employees working in a secure business complex, temporary orlong-term internees, patients, military personnel, uncharged suspects,and refugees. Inmate restrictions may be part of a court-imposedsentence on an inmate, while others may be specific to the controlledfacility (100) in which the inmate resides. Restrictions may includelimitations on an inmate's physical movement (i.e., physicalrestrictions) and limitations on the inmate's ability to communicate(i.e., communication restrictions). Communication restrictions includeinmate use restrictions, inmate target restrictions, and device userestrictions.

In one or more embodiments of the invention, inmate use restrictions arelimitations on an inmate's general ability to communicate with visitorsand/or outsiders. Inmate use restrictions may include, for example,periods of time in which an inmate is not allowed to communicate withoutsiders or visitors (e.g., between 10 PM and 8 AM, during an imposedone-week punitive period, etc.) and limitations based on lack of funds(e.g., insufficient commissary account balance to initiate acommunication).

In one or more embodiments of the invention, inmate target restrictionsare limitations on the target or source of a communication with theinmate. Inmate target restrictions may be specific outsiders or visitorswith whom the inmate is not allowed to communicate (e.g., the victim ofa crime perpetrated by the inmate, etc.). Inmate target restrictions mayalso include types of people with whom the inmate is not allowed contact(e.g., outsiders who are ex-cons, minors under the age of 18, etc.).

In one or more embodiments of the invention, device use restrictions arerestrictions based on the condition or state of the communication deviceused by the inmate. Device use restrictions include, for example,limitations based on the location of the inmate's mobile device,limitations imposed based on a determination that the device has beentampered with, etc.

In one or more embodiments of the invention, an outsider is a personoutside the controlled facility (100) who may be the source or target ofa communication with an inmate. An outsider who enters the controlledfacility (100) for the purpose of communicating with an inmate isreferred to as a visitor.

In one or more embodiments of the invention, the kiosk (110) is acomputing system with functionality to facilitate communication betweenan inmate and a visitor or outsider. Such communication facilitation mayinclude creating a system identity data item or secure social networkingaccount, adding or importing contact information for outsiders with whomthe inmate wishes to communicate, uploading media (e.g., photos, videos,audio, and text) to, or viewing media from, a secure social network,sending or receiving messages or other media, acting as an endpoint forvoice and video communication between an inmate and a visitor oroutsider, scheduling a communication, and managing a commissary orcommunications account. Further detail about kiosks (e.g., kiosk (110))is provided in FIG. 2, FIG. 5A, FIG. 5B, and FIG. 6.

In one or more embodiments of the invention, the administratorapplication (112) is a process or group of processes executing on acomputing system with functionality to enable an administrator tocreate, remove, and/or enforce one or more restrictions on an inmate,outsider, or device. In one or more embodiments of the invention, anadministrator is a person associated with the controlled facilitycharged with enforcing one or more restrictions. Examples ofadministrators include, but are not limited to, prison guards,orderlies, wardens, prison staff, jailers, information technologytechnicians, system administrators, and law enforcement agents. Usingthe administrator application, an administrator may retrieve or alterthe identity data item and/or secure social network account of aninmate, visitor, or outsider. Further detail about the administratorapplication (112) is provided in FIG. 2.

In one or more embodiments of the invention, the inmate phone (114) is adevice with functionality to send and receive audio communicationsbetween an inmate and an outsider or visitor. In one or more embodimentsof the invention, the inmate phone (114) is a stationary (i.e.,non-mobile) device. Further, a single inmate phone (114) may be used bymore than one inmate. Further detail about the inmate phone (114) isprovided in FIG. 2.

In one or more embodiments of the invention, the inmate computing device(116) is a computing device with functionality to enable an inmate tocommunicate with a visitor or outsider. Specifically, the inmatecomputing device (116) may be used to send or receive text messagesand/or initiate or receive voice or video calls. In one or moreembodiments of the invention, the inmate computing device (116) alsoenables an inmate to access a secure social network. Specifically, theinmate computing device (116) may be used to upload media to, or viewmedia from, a secure social network account of the inmate or anothersecure social network member. In one or more embodiments of theinvention, the inmate computing device (116) is a mobile computingdevice (e.g., a smartphone, a laptop, a tablet, etc.). Further detailabout the inmate computing device (116) is provided in FIG. 2 and FIG.6.

In one or more embodiments of the invention, the elements within thecontrolled facility (100) are communicatively coupled to thecommunications network (108). In one or more embodiments of theinvention, the communications network (108) is a collection of computingsystems and other hardware interconnected by communication channels. Thecommunications network (108) may include networks that are exclusivelyor primarily used for a single type of communication, such as atelephone network (e.g., Plain Old Telephone System (POTS)), and/ornetworks used for a wide array of communication types, such as theInternet through Voice over IP (VoIP). Communication channels used bythe communications network (108) may include, for example, telephonelines, networking cables, wireless signals, radio waves, etc. Feescharged and payments received by the provider(s) of the communicationsnetwork (108) may involve multiple parties, including a service providerof the outside facility (102), the management of the controlled facility(100), and provider(s) of the communications network (108). In one ormore embodiments of the invention, fees may be split between multipleparties based on the terms of underlying agreements or contracts betweenthe parties. Further, rebates, reimbursements, and/or refunds may beafforded to and paid to the management of the controlled facility (100)based on the terms of underlying agreements or contracts between theparties. For example, the management of the controlled facility (100)may receive a rebate from the service provider of the services providedto inmates based on such factors as the volume of use, the dollaramount, and/or the frequency of use.

In one or more embodiments of the invention, the outside facility (102)is a group of computing systems located outside of the controlledfacility (100). Specifically, the outside facility (102) may housesystem elements with functionality to facilitate communication betweeninmates and outsiders, access communication data between inmates andoutsiders, and enforce one or more restrictions imposed on inmates andinmate communications. In one or more embodiments of the invention, theoutside facility (102) is connected directly to the controlled facility(100) bypassing a generally accessible communications network(communications network (108)). One or more of the components within theoutside facility (102) may alternatively be located within thecontrolled facility (100) or within the third party providers (104).

In one or more embodiments of the invention, the application server(118) is a computing system with functionality to authenticate aninmate, outsider, administrator, reviewer, or investigator for access tosystem functionality (e.g., initiating voice or video calls, sendingtext messages, etc.) or data stored on the database server (120) (e.g.,inmate identities, communications between inmates and outsiders, etc.).The application server may authenticate inmates, outsiders,administrators, reviewers, and/or investigators using passwords,biometric data, digital access codes, and/or physical access devices.Further detail about the application server (118) is provided in FIG. 3.

In one or more embodiments of the invention, the database server (120)is a computing system with functionality to store identities used toauthenticate inmates, outsiders, administrators, reviewers, and/orinvestigators. Such identities may include verified data used to compareto verification data provided by the inmate, outsider, administrator,reviewer, or investigator to authenticate the inmate, outsider,administrator, reviewer, or investigator.

In one or more embodiments of the invention, the database server (120)also stores communication data about communications between an inmateand an outsider or visitor. Such communication data may include, forexample, a recording of a video call, the length of a voice call, thefrequency of video calls, sent and received text messages, etc. Thedatabase server (120) may also store media submitted to a secure socialnetwork before, during, and/or after the media has been reviewed.Further detail about the database server (120) is provided in FIG. 3.

In one or more embodiments of the invention, the third party providers(104) are computing systems that provide network application and datastorage services (i.e., cloud computing services). Third party providers(104) may include service providers used directly by inmates andoutsiders, such as photo sharing services, general social networkingsites, and digital music retailers. Third party providers (104) mayinclude service providers employed by administrators and for use byinmates and outsiders, such as audio and video streaming applications,conferencing applications, and secure social network media storage. Oneor more of the components within the third party providers (104) mayalternatively be located within the controlled facility (100) or theoutside facility (102).

In one or more embodiments of the invention, the media server (122) is acomputing system or group of computing system with functionality toprovide network application services to facilitate communication betweenan inmate and an outsider, and to facilitate access to a secure socialnetwork. Such services include, but are not limited to, VoIP services,video conferencing services, and media streaming services.

In one or more embodiments of the invention, the web server (124) is acomputing system or group of computing system with functionality toprovide an interface to access and interact with webpages and othernetwork application services. In one or more embodiments of theinvention, the web server (124) is a type of media server (122).

In one or more embodiments of the invention, the datacenter (126) is acomputing system or group of computing system with functionality toprovide an interface to access and interact with data stored on one ormore data servers (not shown). In one or more embodiments of theinvention, the datacenter (126) is a type of media server (122).

In one or more embodiments of the invention, the outsider computingdevice (106) is a computing device with functionality to execute theoutsider application (128). In one or more embodiments of the invention,the outsider computing device (106) is a mobile computing device (e.g.,a smartphone, a laptop, a tablet, etc.). Further detail about theoutsider computing device (106) is provided in FIG. 6.

In one or more embodiments of the invention, the outsider application(128) is a process or group of processes (in software, firmware,hardware, or combination thereof) with functionality to enablecommunication between an outsider and an inmate. Specifically, theoutsider application (128) may be used to send or receive text messagesand/or initiate or receive voice or video calls. In one or moreembodiments of the invention, the outsider application (128) alsoenables an outsider to access a secure social network. Specifically, theoutsider application (128) may be used to upload media to, or view mediafrom, a secure social network account of the outsider, an inmate, othersecure social network member.

FIG. 2 shows a controlled facility in accordance with one or moreembodiments of the invention. As shown in FIG. 2, the controlledfacility (200) may include a visitor kiosk (202), a booking kiosk (204),an administrator computing device (206), an inmate kiosk (208), aninmate phone (210), an inmate computing device (212), and a local server(214). The inmate computing device (212) and the local server (214) arecommunicatively coupled to the communications network (216). Theadministrator computing device (206) includes an administratorapplication (218). The inmate computing device (212) includes an inmateapplication (220).

In one or more embodiments of the invention, the visitor kiosk (202) isa computing system with functionality to facilitate communicationbetween an inmate and a visitor. Specifically, the visitor kiosk (202)may be a combination of computing hardware and software used by avisitor to make and receive voice and video calls to/from an inmateresiding in the same controlled facility (200) or another controlledfacility (not shown). The visitor kiosk (202) may also be used toschedule a voice or video call with an inmate for a future date.Further, the visitor kiosk (202) may also include the functionality toexchange media (e.g., photos, videos, and audio) with an inmate residingin the controlled facility (200). The visitor kiosk (202) may includefunctionality to generate such media, such as a camera, microphone,keyboard, and software to record or otherwise create media to send to aninmate. Such media may be subject to review before being delivered.

In one or more embodiments of the invention, a visitor wanting to use avisitor kiosk (202) may be required to participate in an authenticationprocess to verify the identity of the visitor. The authenticationprocess may include creating an identity data item and verified data forstorage and later comparison. The verified data used for authenticationmay be a username and password combination and/or biometric informationabout the visitor.

In one or more embodiments of the invention, the visitor kiosk (202)includes functionality to access a secure social network. Specifically,the visitor kiosk (202) may be used by a visitor to create and manage asecure social network account. The visitor kiosk (202) may also be usedby a visitor to upload digital media to the visitor's secure socialnetwork account or the account of another secure social network member.The visitor kiosk (202) may further be used to view digital mediauploaded to the visitor's social network account or the account ofanother secure social network member.

In one or more embodiments of the invention, the visitor kiosk (202)includes functionality to manage a commissary account for one or moreinmates. Specifically, a visitor may use a visitor kiosk (202) to addmoney to the commissary account of an inmate in the controlled facility(200), view a transaction history of the commissary account, transferfunds between commissary accounts, and/or remove funds from a commissaryaccount. Further detail about the visitor kiosk (202) is provided inFIG. 5A and FIG. 5B.

In one or more embodiments of the invention, the booking kiosk (204) isa computing system with functionality to aid administrators in admittingan inmate into a controlled facility (e.g., controlled facility (200)).Specifically, the booking kiosk (204) may include functionality tocreate or update an inmate identity data item. Specifically, the bookingkiosk (204) may be used to obtain verified data (e.g., passwords,biometric data, etc.) and save the verification data in one or moreidentity data items for the inmate. The verified data may then be usedto authenticate the inmate (e.g., to access the communications network(216), etc.). In one or more embodiments of the invention, the bookingkiosk may also be used to associate one or more restrictions with theinmate via the inmate's identity data item.

In one or more embodiments of the invention, the booking kiosk (204)includes functionality to input contact information for visitors,outsiders, administrators, or other inmates with whom the inmate wantsto communicate. Such contact information may then be associated with theinmate's identity data item, and may be used to initiate a voice orvideo call, or otherwise transmit media to visitors, outsiders, or otherinmates. Further, In one or more embodiments of the invention, thecontact information may be retrieved from an inmate's mobile computingdevice (e.g., cell phone, smart phone, etc.) or a local or remote datastorage device (e.g., a flash drive, a webmail account, etc.). Thecontact information may be retrieved using a wired or wirelessconnection between the booking kiosk and the inmate's mobile computingdevice and/or the data storage device. The contact information may besubject to review before the inmate is permitted to contact the visitor,outsider, administrator, or other inmate.

In one or more embodiments of the invention, the booking kiosk (204)includes functionality to prepare a mobile computing device for use bythe inmate within the controlled facility (200). Specifically, acontrolled facility (200) may allow inmates the use of computing deviceswhile in or subject to the controlled facility (200). However, use ofsuch inmate computing devices may require that the computing device isinstrumented with software restricting the use of the inmate computingdevice. The booking kiosk (204) may be used to instrument the inmatecomputing device as required. Further detail about the booking kiosk(204) is provided in FIG. 5A and FIG. 5B.

In one or more embodiments of the invention, the administrator computingdevice (206) is a computing system or group of computing systems withfunctionality to execute the administrator application (218). In one ormore embodiments of the invention, the administrator application (218)is a process or group of process with functionality to provide access tocommunications between inmates at the controlled facility (200) andvisitors, outsiders, administrators, and other inmates. Theadministrator application (218) may also be used to monitor currentvoice or video calls between an inmate and a visitor, outsider,administrator, or other inmate.

In one or more embodiments of the invention, the administratorapplication (218) is used to manage an identity data item associatedwith an inmate. Such management may include altering the restrictions(device use restrictions, inmate use restrictions, and inmate targetrestrictions) applicable to the inmate. In one or more embodiments ofthe invention, the administrator application (218) is used to access thesecure social network account of an inmate, visitor, or outsider. In oneor more embodiments of the invention, the administrator application(218) may provide heightened access (i.e., a level of access greaterthan that of the inmate, visitor, or outsider) to data stored in thesecure social networking account.

In one or more embodiments of the invention, the inmate kiosk (208) is acomputing system with functionality to facilitate communication betweenan inmate and a visitor or outsider. Specifically, the inmate kiosk(208) may be a combination of computing hardware and software used by aninmate to make and receive voice and video calls to/from a visitor,outsider, or another inmate residing in another controlled facility (notshown). The inmate kiosk (208) may also be used to schedule a voice orvideo call with a visitor at a future date. Initiating or scheduling avoice or video call may include determining whether the currentlyattempted call or the scheduled call are adverse to one or morerestrictions (e.g., inmate use restrictions, device use restrictions,and/or inmate target restrictions). Further, the inmate kiosk (208) mayalso include the functionality to exchange media (e.g., photos, videos,and audio) with a visitor or outsider. The inmate kiosk (208) mayinclude functionality to generate such media, such as a camera,microphone, keyboard, and software to record or otherwise create mediato send to a visitor or outsider. Such media may be subject to reviewbefore being delivered.

In one or more embodiments of the invention, an inmate wanting to use aninmate kiosk (208) may be required to participate in an authenticationprocess to verify the identity of the inmate. The authentication processmay include providing verification data for comparison to verified datapreviously obtained from the inmate and stored in the inmate identitydata item. The verified data may be a username and password combinationand/or biometric information about the inmate.

In one or more embodiments of the invention, the inmate kiosk (208)includes functionality to access a secure social network. Specifically,the inmate kiosk (208) may be used by an inmate to manage a securesocial network account. The inmate kiosk (208) may include functionalityto generate such media, such as a camera, microphone, keyboard, andsoftware to record or otherwise create media to send to a visitor oroutsider. The inmate kiosk (208) may also be used by an inmate to uploaddigital media to the inmate's secure social network account or theaccount of another secure social network member. The inmate kiosk (208)may further be used to view digital media uploaded to the inmate'ssocial network account or the account of another secure social networkmember. Uploaded media may be subject to review before posting.

In one or more embodiments of the invention, the inmate kiosk (208)includes functionality to manage a commissary account for the inmate.Specifically, an inmate may use an inmate kiosk (208) to view atransaction history of the commissary account and/or to apply commissaryfunds for goods and services consumed or enjoyed by the inmate. Furtherdetail about the inmate kiosk (208) is provided in FIG. 5A and FIG. 5B.

In one or more embodiments of the invention, the inmate phone (210) is adevice with functionality to send and receive audio communicationsbetween an inmate and an outsider or visitor. The inmate phone (210) maybe implemented as handset connected to a telephone line. In one or moreembodiments of the invention, all or part of the voice call may beconducted over a VoIP connection. In one or more embodiments of theinvention, a single inmate phone (210) is utilized by multiple inmates.

In one or more embodiments of the invention, initiating or receiving avoice call using the inmate phone (210) requires a form ofauthentication (e.g., providing a password, personal identificationnumber, or voice verification). In one or more embodiments of theinvention, voice calls made using the inmate phone (210) are monitoredby one or more administrators using the administrator computing device(206), and are recorded and stored in a data storage system within thecontrolled facility (200), within the outside facility (not shown), orwithin a third party provider (not shown). The inmate phone (210) mayalso be subject to device use restrictions limiting the ability to usethe inmate phone (210) at certain times (e.g., between 9 PM and 8 AM) orunder certain conditions (e.g., emergency lockdown).

In one or more embodiments of the invention, the identity of the visitoror outsider targeted by the inmate or attempting to contact the inmateusing the inmate phone (210) is verified against inmate targetrestrictions imposed on the inmate. Such restrictions may be associatedwith the inmate's identity data item and may be stored locally withinthe controlled facility (200), within the outside facility (not shown),or within a third party provider (not shown). The visitor or outsideridentity may be verified by the local server (214) or by another serverwithin the outside facility (not shown), or within a third partyprovider (not shown).

In one or more embodiments of the invention, the inmate computing device(212) is a computing system configured to execute the inmate application(202). In one or more embodiments of the invention, each inmatecomputing device (212) is utilized exclusively by a single inmate. Inone or more embodiments of the invention, access to the inmateapplication requires a form of initial authentication. This initialauthentication may use verification data stored locally on the inmatecomputing device (212) (e.g., a code or combination used to unlock thephone, locally stored biometric data, etc.).

In one or more embodiments of the invention, accessing a communicationsnetwork (e.g., communications network (216)) using the inmateapplication (220) may require further network-based authentication. Thisfurther authentication may use verification data stored external to theinmate computing device (212) but locally within the controlled facility(200), or remotely within the outside facility (not shown) or within athird party provider (not shown).

In one or more embodiments of the invention, an authenticated inmate mayuse the inmate application to initiate or receive voice or video calls,initiate or receive text or media messages, schedule a voice or videocall, manage a commissary account, or post media to a secure socialnetwork. In one or more embodiments of the invention, voice and videocalls made using the inmate computing device (212) are monitored by oneor more administrators using the administrator computing device (206),and are recorded and stored in a data storage system within thecontrolled facility (200), within the outside facility (not shown), orwithin a third party provider (not shown).

In one or more embodiments of the invention, the identity of the visitoror outsider targeted by the inmate or attempting to contact the inmateusing the inmate computing device (212) is verified against inmatetarget restrictions imposed on the inmate. Such restrictions may beassociated with the inmate's identity data item and may be storedlocally within the controlled facility (200), within the outsidefacility (not shown), or within a third party provider (not shown). Thevisitor or outsider identity may be verified by the local server (214)or by another server within the outside facility (not shown), or withina third party provider (not shown).

In one or more embodiments of the invention, the inmate computing system(212) and/or the inmate application (220) may limit access to thecommunications network (216) based on one or more restrictions (inmateuse restrictions, inmate target restrictions, and device userestrictions). Further, the inmate computing system (212) and/or theinmate application (220) may gather data from input devices of theinmate computing system (212) to determine whether one or morerestrictions apply. Such input devices may include, for example, asystem clock, a global positioning system antenna, a wide area networkantenna, etc.

In one or more embodiments of the invention, the local server (214) is acomputer system or group of computers systems located within thecontrolled facility (200) that facility communication between inmatesand visitors, outsiders, and/or other inmates. Specifically, the localserver (214) may implement the software necessary to host voice andvideo calls between and among the visitor kiosk (202), the inmate kiosk(208), the inmate phone (210), and an outsider computing system (notshown). The local server (214) may also include functionality to enforcecommunication restrictions associated with the inmates using the inmatekiosk (208) or inmate phone (210). Alternatively, the local server (214)may merely provide access to other systems capable of hosting thecommunication software and data storage (e.g., located within an offsitefacility or a third party provider). Further, In one or more embodimentsof the invention, the local server (214) includes functionality toregulate inmate access to a secure social network.

FIG. 3 shows an outside facility in accordance with one or moreembodiments of the invention. As shown in FIG. 3, the outside facility(300) may include an application server (302), a database server (304),a reviewer computing system (306), and an investigator computing system(308). The application server (302) is communicatively coupled to thecommunications network (310). The reviewer computing device (306) mayinclude a reviewer application (312), and the investigator computingdevice (308) may include an investigator application (314).

In one or more embodiments of the invention, the application server(302) is a computing system or group of computing systems configured toauthenticate inmates, visitors, outsiders, administrators, reviewers,and/or investigators. Specifically, the application server (302)includes functionality to receive a request to authenticate an inmate,visitor, outsider, administrator, reviewer, and/or an investigator,retrieve verified data associated with the request, and compare theverified data to verification data submitted in the authenticationrequest. In one or more embodiments of the invention, the applicationserver provides access to identity data items and other data stored inthe database server (304).

In one or more embodiments of the invention, the database server (304)is a computing system or group of computing system configured to storedata about inmates, visitors, outsiders, administrators, reviewers,and/or investigators as well as communication data describingcommunications between and among inmates, visitors, outsiders,administrators, reviewers, and/or investigators. Data stored in thedatabase server may include, but is not limited to, identity data items,verified data, approved communication media, communication media pendingreview

In one or more embodiments of the invention, the reviewer computingdevice (306) is a computing system configured to execute the reviewerapplication (312). In one or more embodiments of the invention, areviewer is a person charged with viewing a media item submitted by aninmate, visitor, outsider or administrator, and determining one or moreattributes of the media item. Based on the determined attributes of themedia item, the reviewer may then approve the media item fortransmission to its target inmate, visitor, or outsider. Alternatively,the reviewer may reject the media item, conditionally approve the mediaitem, or redact parts of the media item, thus preventing completetransmission to its target inmate, visitor, or outsider. In one or moreembodiments of the invention, the reviewer application (312) includefunctionality to view media items, associate one or more attributes tothe media item, and/or mark the media items as approved or rejected.

In one or more embodiments of the invention, the investigator computingdevice (308) is a computing system configured to execute theinvestigator application (314). In one or more embodiments of theinvention, an investigator is a person gathering information about aninmate, visitor, or outsider generally for the purposes of lawenforcement. The investigator application (314) includes functionalityto provide access to data stored on the database server (304) forinvestigative purposes.

FIG. 4 shows a general computing system in accordance with one or moreembodiments of the invention. As shown in FIG. 4, the computing system(400) may include one or more computer processor(s) (402), associatedmemory (404) (e.g., random access memory (RAM), cache memory, flashmemory, etc.), one or more storage device(s) (406) (e.g., a hard disk,an optical drive such as a compact disk (CD) drive or digital versatiledisk (DVD) drive, a flash memory stick, etc.), and numerous otherelements and functionalities. The computer processor(s) (402) may be anintegrated circuit for processing instructions. For example, thecomputer processor(s) may be one or more cores, or micro-cores of aprocessor. The computing system (400) may also include one or more inputdevice(s) (410), such as a touchscreen, keyboard, mouse, microphone,touchpad, electronic pen, camera, or any other type of input device.Further, the computing system (400) may include one or more outputdevice(s) (408), such as a screen (e.g., a liquid crystal display (LCD),a plasma display, touchscreen, cathode ray tube (CRT) monitor,projector, or other display device), a printer, external storage, or anyother output device. One or more of the output device(s) may be the sameor different from the input device(s). The computing system (400) may beconnected to a network (414) (e.g., a local area network (LAN), a widearea network (WAN) such as the Internet, mobile network, or any othertype of network) via a network interface connection (not shown). Theinput and output device(s) may be locally or remotely (e.g., via thenetwork (412)) connected to the computer processor(s) (402), memory(404), and storage device(s) (406). Many different types of computingsystems exist, and the aforementioned input and output device(s) maytake other forms.

Software instructions in the form of computer readable program code toperform embodiments of the invention may be stored, in whole or in part,temporarily or permanently, on a non-transitory computer readable mediumsuch as a CD, DVD, storage device, a diskette, a tape, flash memory,physical memory, or any other computer readable storage medium.Specifically, the software instructions may correspond to computerreadable program code that when executed by a processor(s), isconfigured to perform embodiments of the invention.

Further, one or more elements of the aforementioned computing system(400) may be located at a remote location and connected to the otherelements over a network (414). Further, embodiments of the invention maybe implemented on a distributed system having a plurality of nodes,where each portion of the invention may be located on a different nodewithin the distributed system. In one or more embodiments of theinvention, the node corresponds to a distinct computing device.Alternatively, the node may correspond to a computer processor withassociated physical memory. The node may alternatively correspond to acomputer processor or micro-core of a computer processor with sharedmemory and/or resources.

FIG. 5A shows a video visitation kiosk in accordance with one or moreembodiments of the invention. Specifically, the video visitation kiosk(500) is a type of computing device as described in FIG. 4. As shown inFIG. 5A, the video visitation kiosk (500) includes a camera (502), adisplay (504), a handset (506), a headset jack (508), and a universalserial bus (USB) port (510).

FIG. 5B shows the hardware and software elements of a video visitationkiosk in accordance with one or more embodiments of the invention. Thehardware and software elements shown in FIG. 5B may be in addition tothe elements described in FIG. 4. As shown in FIG. 5B, the videovisitation kiosk (500) includes a handset (506), a video camera (502), atouch screen panel (512), a display (504), a computing application(514), an operating system (516), and a network interface controller(518).

FIG. 6 shows the hardware and software elements of a mobile computingdevice in accordance with one or more embodiments of the invention.Specifically, the mobile computing device (600) is a type of computingdevice as described in FIG. 4. The hardware and software elements shownin FIG. 6 may be in addition to the elements described in FIG. 4.

As shown in FIG. 6, the mobile computing device (600) may include aglobal positioning system (GPS) antenna (602), a cell antenna (604), awide area network (WAN) antenna (606), and a personal area network (PAN)antenna (608), each connected to a multi-band radio transceiver (610).The mobile computing device (600) also may include a rear-facing videocamera (612), a front-facing video camera (614), a compass (616), anaccelerometer (618), a touch screen (620), a display (622), and amicrophone (624). The mobile computing device (600) also may include acomputing application (626) executing on an operating system (628).

FIG. 7 shows a schematic diagram of a system including a networkapplication (700) and a database server (702). The network application(700) may execute or be a part of application server (118) in FIG. 1.Similarly, the database server may be database server (120) in FIG. 1.Alternative configurations may also be used. For example, either, both,or part of the network application (700) and database server (702) maybe located in the controlled facility. The network application (700) anddatabase server (702) are discussed below.

A network application (700) is a software application for connectinginmates and administrators to a network. For example, the network may bea telephone network (not shown) or a secure social network (not shown).The network application may include an authentication module (704), acontrolled setup module (706), a text and speech converter (708), anaudit module (710), and a communication module (712). Each of thesecomponents is discussed below.

An authentication module (704) includes functionality to authenticateindividuals to the desired network. For example, the authenticationmodule may include functionality to receive authentication credentials,and determine whether the authentication credentials match storedcredentials for the individual. The authentication credentials may beuser name, password, voiceprint authentication, face verificationinformation, identifying body marks and features information, retinaverification information, palm or fingerprint verification information,or any other type of credential for authentication.

In one or more embodiments of the invention, the controlled setup module(706) includes functionality to create an account (e.g., inmate account(718), superfriend account (714)) for an individual. The controlledsetup module (706) may further include functionality to populate theaccount with contacts, and update the account. Populating an inmateaccount (718) with contacts and updating the inmate account (718) arediscussed with reference to FIGS. 8-10.

Continuing with FIG. 7, in one or more embodiments of the invention, thetext and speech converter (708) includes functionality to converttextual input into audio output. The text and speech converter (708) mayfurther include functionality to convert audio input to textual output.Further, the text and speech converter (708) may further includefunctionality to convert one audio input into a second audio input. Forexample, consider the scenario in which an administrator would like totransmit an anonymous message, such as deliver bad news. In such ascenario, the text and speech converter (708) may include functionalityto replace an administrator's voice with a computerized audio. Forexample, the computerized audio may be a computer voice speaking theadministrator's spoken words or manipulation of the sounds of theadministrator's voice.

In one or more embodiments of the invention, the audit module (710)includes functionality to track communications from inmates.Specifically, the audit module (710) includes functionality to track,calculate, and store messages, timestamps defining when the message wastransmitted, when the message was received, the length of time in whichthe message was being presented, a unique identifier of thecommunication device (e.g., inmate kiosk, inmate phone, inmate computingdevice) used to receive the message, any response to the message, andother tracking information about a message.

In one or more embodiments of the invention, the communication module(706) includes functionality to manage a communication on a network. Forexample, the communication module (706) may include functionality toidentify an individual accessing the network, receive a connectionrequest to connect to a contact, and connect the individual to thecontact when the contact is in the individual's network list. The term,list, as used in this application refers to any data structure forstoring a collection of contacts. The communication module (706) mayfurther include functionality to connect the individual to all socialnetwork contacts via the secure social network. In one or moreembodiments of the invention, the communication module (706) mayfacilitate oversight of an inmate's communication by transmitting all ora portion of the messages to an administrator or reviewer for approval.

The communication module (706) may further include functionality totrack the length of time that an inmate is communicating on the selectednetwork and/or a number of messages sent and/or received on the selectednetwork. A payment module (not shown) may include functionality toobtain payment from the inmate or a contact of the inmate and dispersethe payment. For example, dispersing the payment may includetransmitting at least a portion of the payment to a controlled facilityand/or transmitting a portion to a network management entity (e.g.,telephone connection company, internet connection company) and/orretaining at least a portion. The payment module may includefunctionality to debit an inmate's money account or otherwise bill theinmate based on the amount of time, number of messages, or otherinformation.

Continuing with FIG. 7, the network application (700) is operativelyconnected to the database server (702). The database server (702)includes functionality to store information for the network application(700). For example, the database server (702) may store one or moresuperfriend accounts (714), an inmate account (718) for each inmate,audit data (734), saved messages (736), and groups (738). Each of thestored data is discussed below.

A superfriend account (714) is an account maintained for anadministrator who is a superfriend of an inmate. A superfriend is aperson, typically and administrator, contacts and communications fromwhom an inmate is not permitted to block, reject, or unfriend inaccordance with one or more embodiments of the invention. For example,the superfriend may be a warden, guard, parole officer, counselor,doctor, investigator, or other individual. In one or more embodiments ofthe invention, a superfriend has superfriend privileges (722) over aninmate account (718) and has removal protection from the inmate account(718). In one or more embodiments of the invention, superfriendprivileges may correspond to administrative privileges. Superfriendprivileges (722) include being able to transmit any information to aninmate and having the transmission on the conspicuously placed orpresented when the inmate accesses the network. Further, superfriendprivileges (722) may include privilege to review all correspondence toand from the inmate. Additional superfriend privileges may exist withoutdeparting from the scope of the invention. In one or more embodiments ofthe invention, an inmate cannot limit the superfriend privileges.

Removal protection refers to an inability for an inmate to unfriend thesuperfriend. Specifically, without proper authority, which an inmatedoes not have, the superfriend cannot be disassociated from the inmate'snetwork.

In one or more embodiments of the invention, the superfriend account(714) further includes a superfriend network list (720), superfriendauthentication credentials (724), and at least one superfriend publicalias. The superfriend network list (720) includes a list of contactswith whom the superfriend may communicate. A contact refers to anindividual or group of individuals with whom a person is connected. Forexample, the contact may include a network identifier of an individualand connection information for connecting to the individual.

Superfriend authentication credentials (724) are authenticationcredentials used for authenticating the administrator. The superfriendauthentication credentials (724) may include user name, password,voiceprint authentication, face verification information, identifyingbody marks and features information, retina verification information,palm or fingerprint verification information, or any other type ofcredential for authentication.

In one or more embodiments of the invention, a superfriend public alias(726) is an alternative identifier for the administrator that ispresented as the sender and/or recipient of messages. For example, ifthe administrator is transmitting a message anonymously, the anonymouscommunication may be under the public alias. By way of another example,if the administrator is performing a communication for a particulargroup (e.g., the entire controlled facility, a group of prisons, acounseling group), the administrator may use the public alias of a groupname to send and receive messages.

Continuing with the database server (702), an inmate account is anaccount storing information about an inmate. For example, an inmateaccount may include inmate authentication credentials (728), an inmatetelephone network list (730), and an inmate social network list (732).Additionally, although not shown in FIG. 7, the inmate account may alsoinclude administrative information, such as name, birthdate, inmateidentifier, reason for the inmate to be in the controlled facility,historical confinement of the inmate, list of inmate's violations ofregulations of the controlled facility, gang affiliations, accountbalance for payment of communications, and other information.

The inmate authentication credentials (728) correspond to authenticationcredentials for the inmate. For example, the authentication credentialsmay include user name, password, voiceprint authentication, faceverification information, identifying body marks and featuresinformation, retina verification information, palm or fingerprintverification information, or any other type of credential forauthentication.

The inmate telephone network list (730) corresponds to a list ofcontacts of the inmate for communication via the telephone network. Theinmate secure social network list (732) corresponds to a list ofcontacts of the inmate for communication via a secure social network. Inone or more embodiments of the invention, before being allowed tocommunicate with the contacts, the contacts must be approved. Further,although an inmate may communicate with contacts in the inmate telephonenetwork list and the inmate secure social network list, the contacts maynot be approved in accordance with one or more embodiments of theinvention. Specifically, the inmate telephone network list and theinmate secure social network list may include unprocessed contacts,filtered contacts, and/or approved contacts.

An unprocessed contact is a contact that has not been vetted or checkedto determine whether communication with the unprocessed contact isprohibited. A filtered contact is a contact that is not outrightprohibited for communication. An approved contact is a contact that hasbeen vetted and with whom the inmate may communicate. For example,unprocessed contacts may be filtered to remove contacts that are knowngang members, are inmates, are wanted criminals, or have otherattributes, which make communication with such contacts outrightprohibited. In one or more embodiments of the invention, the filteringprocess may include comparing the contact with lists of prohibitedpeople. In some embodiments, the remaining contacts after the filteringprocessed are approved contacts. In alternative embodiments, filteredcontacts may have to be vetted (e.g., go through an identificationand/or approval process) to be approved contacts. The vetting mayinclude performing background checks on the contact and confirming theidentity of the contact. In one or more embodiments of the invention,rules of the controlled facility define whether filtered contacts mustbe vetted in order for the inmate to communicate with the approvedcontacts. Whether a contact is an unprocessed contact, filtered contact,or approved contact may be maintained as an attribute defined for thecontact in the inmate account.

Although FIG. 7 shows the secure social network list (732) as separateand distinct from the telephone network list (730), the secure socialnetwork list (732) may be the same as the telephone network list (730).Further, in one or more embodiments of the invention, the inmate mayhave a single contact list. Each contact in the single contact list mayhave a parameter indicating whether the inmate may communicate with thecontact via telephone network, secure social network, or both. Forexample, the parameter may be a set bit and/or connection identifiers(e.g., telephone number, secure social network identifier) for thecontact.

Continuing with the discussion regarding the database server (702), theaudit data (734) includes information stored for auditing purposes. Forexample, for each message, the audit data may include timestampsdefining when the message was transmitted, when the message wasreceived, the length of time in which the message was being presented, aunique identifier of the communication device used to receive themessage, any response to the message, and other tracking informationabout a message.

Saved messages (736) correspond to messages that are saved. For example,saved messages may include postings to the inmate secure social network,voicemail messages, one to one messages, multicast or broadcastmessages, and other messages.

In one or more embodiments of the invention, groups relate a groupidentifier to account identifiers of individuals who are members of thegroup. For example, for a counseling group, the counseling groupidentifier is related to the counselor superfriend account identifieralong with inmates who participate in the counseling session. By way ofanother example, for a controlled facility group, the controlledfacility group identifier may be related to all inmates in thecontrolled facility. Thus, a communication sent to a group identifierwill be broadcasted to all members of the group in one or moreembodiments of the invention.

Although FIG. 7 shows a certain configuration of components, otherconfigurations may be used without departing from the scope of theinvention. For example, the superfriend account (714) may be located onan application. By way of another example, one or more modules of thenetwork application (700) may be located in a different component of thesystem.

FIGS. 8-10 show flowcharts in one or more embodiments of the invention.While the various steps in these flowcharts are presented and describedsequentially, some or all of the steps may be executed in differentorders, may be combined or omitted, and some or all of the steps may beexecuted in parallel. Furthermore, the steps may be performed activelyor passively. For example, some steps may be performed using polling orbe interrupt driven in accordance with one or more embodiments of theinvention. By way of an example, determination steps may not require aprocessor to process an instruction unless an interrupt is received tosignify that condition exists in accordance with one or more embodimentsof the invention. As another example, determination steps may beperformed by performing a test, such as checking a data value to testwhether the value is consistent with the tested condition in accordancewith one or more embodiments of the invention.

FIG. 8 shows a flowchart for priming a network of an inmate in one ormore embodiments of the invention. In Step 801, the mobile device of theinmate is confiscated in one or more embodiments of the invention. Inone or more embodiments, when an inmate is confined, the inmate may bestripped of the inmate's possessions. For example, all communicationdevices found on the inmate or in the inmate's belongings may beremoved. The removal may be temporary, such as during a booking process,or semi-permanent, such as during the entire period of an inmate'sconfinement.

In Step 803, inmate authentication credentials for social networks arereceived in one or more embodiments of the invention. In one or moreembodiments of the invention, the inmate provides his or herauthentication credentials. Rather than providing authenticationcredentials to third party social network, the inmate may provide thecredentials to an administrator. In other words, in one or moreembodiments of the invention, the inmate is not allowed to access theinmate's third party social network once confinement of the inmate isinitiated. Providing authentication credentials may be optional for theinmate. Specifically, the inmate may opt out of importing contacts fromthird party social networks. In such a scenario, the steps discussedbelow regarding importing contacts from the social network may beomitted.

In Step 805, contacts are imported from the inmate's mobile device andsocial networks in one or more embodiments of the invention.Specifically, third party social networks are accessed using theinmate's authentication credentials provided in Step 803. The contactsare extracted from the inmate's account on the third party's socialnetwork. Alternatively, contacts from the inmate's third party socialnetwork may be imported without input from the inmate. For example, acourt order to the third party may require the third party to release alist of contacts of the inmate on the third party social network or thecourt order may require release of the authentication credentials toallow for automatic crawling and download.

Further, in one or more embodiments of the invention, contacts aredownloaded from the inmate's mobile device. Importing contacts may beperformed using extraction software. If the inmate has a passcode, thepasscode may be overridden in order to extract the contacts.

In Step 807, the contacts are reviewed for persons of interest in one ormore embodiments of the invention. For example, contacts may be reviewedto identify missing witnesses, individuals with warrants out for arrest,and other individuals. Reviewing contacts may be performed by a reviewerapplication comparing the contacts with one or more person of interestlist. For example, the reviewer application may compare contacts againststate and federal warrant lists to determine whether a contact has awarrant out for his or her arrest. By way of another example, thereviewer application may compare the contacts with a list of individualsconnected to an inmate's confinement and flag the contacts that match.The reviewer application may transmit any matching contacts to areviewer. For example, the reviewer may be an administrator. By way ofan example, the reviewer may be an investigator that is managing theinmate's case.

In Step 809, contacts are filtered for prohibited contacts to obtainedapproved contacts in one or more embodiments of the invention. In one ormore embodiments of the invention, filtering contacts includesdetermining which contacts with whom the inmate is outright not allowedto communicate with and saving the remainder of the contacts as filteredcontacts. Depending on the rules of the controlled facility, vetting ofthe filtered contacts may be performed to obtain approved contacts. Thevetting may be performed at this stage, when the inmate requestscommunication with the contact, or at another time. Alternatively, oncethe contacts are filtered, the remaining contacts may be deemedapproved. For example, the contacts may be filtered to remove otherinmates, known gang members, and witnesses. The contacts may further befiltered to remove individuals confined in the same and/or differentcontrolled facility. Filtering the contacts may include the setup modulecomparing the contacts with one or more lists of prohibited contacts.Such lists may include a list of known gang members, a list of jurymembers, a list of judges, a list of witnesses, and any other lists.After the contacts are filtered, the remaining contacts may betransmitted to a reviewer application for a reviewer to view thecontacts. The reviewer may determine whether any of the remainingcontacts are prohibited and remove any prohibited contacts. Theresulting contacts from the filtering may be referred to as approvedcontacts. Alternatively, the resulting contacts may be subject to morevetting to be approved contacts.

In Step 811, social network identifiers for each contact are obtained toupdate the contacts in one or more embodiments of the invention.Specifically, in one or more embodiments of the invention, one or morecontacts that are obtained from an inmate's mobile device may not beassociated with a third party social network in the inmate's mobiledevice. In such a scenario, the third party social networks are accessedwith contact information, such as the name of the contact, to obtain thecontact's social network identifier. Thus, not only is the inmate ableto communicate with the contact via a telephone network, but also withthe contact via the secure social network even when the inmate does nothave a network identifier for the contact. If the contact is found inthe third party social network, an updated contact is created.

In Step 813, the updated contact is saved in the approved contact listfor each updated contact in one or more embodiments of the invention.Specifically, the update to the contact is saved.

In Step 815, the inmate is presented with a contact list in one or moreembodiments of the invention. Presenting the inmate with the contactlist may be performed during a booking process or afterwards, such asonce the inmate is confined. For example, the inmate may be presentedwith telephone network contacts via the inmate phone or kiosk describedabove. In the example, the first time that the inmate uses the inmatephone or kiosk, the inmate may be presented with options for setting upan inmate account to access the social network. The inmate may bepresented with a list of all contacts, unprocessed contacts, filteredcontacts, or a combination thereof. In one or more embodiments of theinvention, the filtering and vetting process may be performed before orafter the inmate requests communication with the contact.

In Step 817, a selection of contacts from the contact list is receivedfrom the inmate to obtain selected contacts in accordance with one ormore embodiments of the invention. In one or more embodiments, theinmate selects the contacts with which the inmate would like tocommunicate while confined. By allowing the inmate to select contacts,the inmate can determine the contacts with which the inmate would liketo communicate while confined. Further, embodiments prevent the inmatefrom accessing unapproved contacts.

In Step 819, the inmate telephone list and the inmate secure socialnetwork list are populated with the selected contacts in accordance withone or more embodiments of the invention. In one or more embodiments ofthe invention, once populated, the inmate is enabled to communicate withany contact in the inmate telephone list and the inmate secure socialnetwork list. In one or more embodiments of the invention, the inmatemay request communications with any contacts. The requestedcommunication may require an approval process.

In Step 821, an administrator is added as a superfriend of the inmate inaccordance with one or more embodiments of the invention. In one or moreembodiments of the invention, the administrator is selected based on arelationship (or lack thereof) with the inmate. For example, theadministrator may be a warden, an investigator, a guard, or anotherindividual. By adding the administrator as superfriend, theadministrator may review all messages from and to the inmate. Thus, theadministrator may ensure that the messages comply with regulations. Forexample, the administrator may ensure that the inmate is not receivingcrime reports, participating in a crime, communicating with gangmembers, plotting to receive or send contraband, or performing any othersuch acts. By way of another example, the administrator may gatherevidence and other intelligence from messages to and from the inmate.

In one or more embodiments of the invention, when the inmate wants touse the telephone network, the inmate may access the inmate phone orkiosk. Using the inmate phone or kiosk, the inmate may authenticate himor herself to the telephone network. The inmate may be presented withthe inmate's telephone network list. Alternatively, the inmate mayselect a speed dial number or graphical image for a particular contactin the inmate's telephone contact list. If the contact is in the inmatetelephone network, the inmate is connected to the contact. Thecommunication module and audit module may begin recording information,such as a contact identifier of the contact, a time and date of thecommunication, length of time for the communication, and a recording ofthe communication.

To access the inmate secure social network, the inmate may authenticatehim or herself to the secure social network. The inmate may beginsending and/or receiving messages with the secure social network. Themessages may be broadcasted to all of the inmate secure social networkcontacts, multi-casted to a subset of the inmate secure social networkcontacts, or uni-casted to a single secure social network contact. Eachmessage or a subset thereof may be reviewed by the administrator beforeor after being transmitted.

In one or more embodiments of the invention, the inmate voluntarily orinvoluntarily provides, to the network application, his or herauthentication credentials for an application providing an outsidesocial network. The network application executing the secure socialnetwork may use the authentication credentials to connect to the outsidesocial network. The network application may communicate with the outsidesocial network using an Application Programming Interface (API) of theoutside social network. Social data transmitted from the outside socialnetwork to the network application may be buffered and analyzed prior tobeing presented to the inmate in accordance with one or more embodimentsof the invention.

For instance, the inmate might request access to specific photolibraries (by name) or all photo libraries and other content. Thenetwork application processes the request by downloading the requestedcontent and storing the content in a review queue that is tagged andfiltered by automated systems and/or by human reviewers. The resultingcontent that is tagged and filtered is provided to the inmate. Thus, theinmate will eventually obtain access to none, some, or all of therequested content depending on the outcome of the review queue.

In one or more embodiments of the invention, the network applicationimports photos from the outside social network, regardless of whetherthe inmate is allowed to view them, may analyze the photos with facialand object recognition software. The network application may search forbiometric matches between the faces in the imported photos and biometricdata already known by the system. For example, the biometric data may befrom individuals appearing in video visitations or otherwise recognizedfrom other imported photos. In some cases, facial recognition is notused, such as in the case where the imported photos have already beentagged in the outside social network with identities. The networkapplication may compare the identities from the photos with individualsknown by the system. For example, individuals known to the system mayinclude current and former inmates, and current and former contacts ofthe inmates made through telephone calls, video visitations, securesocial networking, and other communications channels whose records areavailable to the system.

In one or more embodiments of the invention, social network contacts maybe obtained as follows. The inmate may be presented with all contacts,but only a subset of the data, such as name, residence location, andprofile photo. Some data, such as address, telephone number, emailaddress, or social network identifier may be redacted. Based on thesubset of data, the inmate then select which contacts that the inmatewould like to communicate with from within the controlled facility. Theselected contacts, along with the information withheld from the inmate,may be placed in a review queue analogous to the image review queue. Inone or more embodiments of the invention, social network contactsassociated with the inmate are then available to the system. By beingavailable, the investigators, administrators, and software routines inthe system may compare the imported contacts to lists of individualswith whom the inmate is prohibited from communicating. In one or moreembodiments of the invention, any contacts matching, or appearing tomatch, the inmate's prohibited contact list are flagged for review. Theinvestigator or administrator may make a determination of whether toallow or disallow communications with each requested contact.

One or more embodiments may perform social network crawling using theinmate's contacts. For example, the social network crawling may beperformed to look for connections with other inmate users of the networkapplication, connections with gang members or criminals, connectionswith controlled facility administrators, investigators, or other lawenforcement officials, connections with people communicating with otherinmates, and other connections. The connections may be direct orindirect connections (e.g., through a third party). Further, the numberof connections between the inmate and the individual may correspond tothe degree of the connection, which may be stored with the information.For example, the inmate may have a second degree connection with aninvestigator, where the second degree connection is through a familymember of the inmate and a friend of the investigator.

In one or more embodiments of the invention, when the inmate connects toan outside social network through the network application, the inmatemay be guided through an enrollment process. During the enrollmentprocess, the inmate may provide a new username if the inmate does notalready have one to the outside social network. The network applicationmay create a new account for the inmate on the outside social network.

In one or more embodiments of the invention, the network application maysearch databases and search engines using data provided by the inmateduring enrolment. For example, if the inmate specifies his or her ownaccount name, the system uses a search engine to determine whether theinmate specified username is used elsewhere. If other accounts with thesame username are publicly accessible, or are accessible to other usersof the same system, the system may log into these systems with anaccount of its own, perhaps as an automated proxy for a specificinvestigator at the facility, so as to access any data available. Theavailable data, or in some cases, the account name alone, may be enoughfor investigators with sufficient cause to obtain a court order orsubpoena to access additional information about these accounts and eachaccount's list of connections. Thus, if an inmate specifies a usernamethat the inmate has used in other online activities, investigators mayobtain information about the other online activities.

One or more search engines may perform searching based on individualsand/or content matching information describing, or obtained from theinmate during his booking and/or enrollment. For example, if the inmatestates his name as John Smith, age 51, residing in Long Beach, Calif.,and among the first telephone calls he makes is to a number associatedwith a Susan Smith, age 49, also residing in Long Beach, Calif., thesystem may conclude that the two individuals are related, and performadditional searches based on this perceived first-degree connection. Thesearch may be performed using a graph search or other search methods.Also, using only the inmate's claimed name, residence, and age, thesystem may perform a lookup using search engines such as MyLife.com,PeekYou.com, Pipl.com, ZoomInfo.com, and/or Spokeo.com, which all offerthe ability to search for individuals based on scant submittedinformation.

Also, using any online account names associated with the inmate, thatthe inmate either provided or were derived from the above searches,additional online sites are searched for users with any of those sameusernames, such as online dating sites. Additionally, the most commonlyused dating sites are searched for profiles with attributes matchingthose attributes obtained from the system and that describe the inmate,including height, weight, age, hair color, eye color, and distinguishingfeatures such as tattoos. The searches may be conducted not only for thespecific values obtained or given, but for ranges above and below thesevalues, to account for lies that dating site users may make.

FIG. 9 shows a flowchart for updating the inmate's network in one ormore embodiments of the invention. Specifically, FIG. 9 shows aflowchart for when an inmate wants to add a contact. In Step 901, arequest for connection to a new contact is received from the inmate inaccordance with one or more embodiments of the invention. In one or moreembodiments of the invention, the inmate may provide contactinformation, such as name, connection identifier (e.g., telephonenumber, third party social network identifier), and other informationfor the new contact.

In Step 903, a determination is made whether the new contact is aprohibited contact. Determining whether the contact is a prohibitedcontact may be performed similar to the discussion above with respect tofiltering contacts in Step 809 of FIG. 8. Additionally, determiningwhether the new contact is a prohibited contact may include confirmingthat the name of the contact matches the connection identifier.Specifically, confirming that the name matches the connection identifierensures that the inmate is not attempting to access an unauthorizedindividual.

If the new contact is a prohibited contact, the new contact is flaggedfor review in Step 905 in one or more embodiments of the invention.Flagging the new contact for review may include sending a notificationto the administrator. The notification may include contact informationprovided by the contact and the reason for flagging the contact (e.g.,the basis for the contact being a prohibited contact). For example, anotification may be added to the superfriend account of theadministrator. The administrator may be presented with the notificationwhen the administrator logs into the administrator account or theadministrator may receive an automated electronic communication, such asa text message. Alternatively, a non-superfriend, such as a reviewer maybe notified of the new contact.

In Step 907, a determination is made whether an administrator approvedthe contact in one or more embodiments of the invention. Specifically,the administrator may select to override the prohibition of the contact.In such a scenario, the administrator may select that the contact isapproved in the network application. If the administrator approves ofthe contact or if the new contact is not a prohibited contact, then thenew contact is added to the inmate network in Step 909 in one or moreembodiments of the invention. Once added, the inmate may begincommunicating with the new contact.

FIG. 10 shows a flowchart for managing a release of the inmate in one ormore embodiments of the invention. Specifically, in one or moreembodiments, the release of an inmate may limit who the inmate maycontact. For example, released inmates may be prohibited from contactingcurrently confined inmates. In Step 1001, input of an inmate beingreleased is received in one or more embodiments of the invention. In oneor more embodiments of the invention, the system may receive anotification that the particular inmate is being released.

In Step 1003, contact from the inmate contact list is obtained in one ormore embodiments of the invention. In Step 1005, a determination is madewhether the contact is confined in a controlled facility of some type inaccordance with one or more embodiments of the invention. Specifically,if the contact is confined, then one or more regulations forcommunicating with the contact may apply. For example, the contact maybe prohibited from communicating with the inmate and/or the inmate maybe prohibited from communicating with the contact, such as by acondition of the inmate's release or other restriction set by the court.

In Step 1007, a determination is made whether communication with theinmate post-confinement is prohibited in accordance with one or moreembodiments of the invention. To make the determination, the applicationrules defined by regulations defining with whom the inmate cancommunicate while released are executed. Released inmates may no longerbe subject to the controlled facility. If communication with the contactby the inmate post-confinement is prohibited, then the connectionbetween the inmate and the contact is removed in Step 1009 in accordancewith one or more embodiments of the invention. Specifically, the contactis removed (e.g., deleted, blocked, hidden, etc.) from the inmatetelephone network list and secure social network list. Similarly, theinmate may be removed from the contact's telephone network list andsecure social network list in accordance with one or more embodiments ofthe invention.

In Step 1011, a determination is made whether another unprocessedcontact exists in one or more embodiments of the invention.Specifically, in one or more embodiments, each contact in the inmatenetwork list is reviewed to determine whether the inmate may communicatewith the contact post-confinement. Further, for any network list inwhich the inmate is a contact, the communication is analyzed todetermine whether the communication with the inmate is prohibited. Ifprohibited, the inmate is deleted from the network list in accordancewith one or more embodiments of the invention.

The following example is for explanatory purposes only and not intendedto limit the scope of the invention. In the following example, considerthe scenario in which Jeff, recently laid-off, unwisely decides to joinRuff Gang and illegally sell cocaine to obtain money. Because Jeff hashad his cell phone on him at all times, he never bothers to remember howto connect to his contacts. One day, Jeff's life of crime caught up tohim, and he is arrested and booked into a controlled facility. At thejail, Jeff's cell phone is confiscated from him as part of the bookingprocess. Jeff has absolutely no idea whom he may contact.

Continuing with the example, Jeff is in luck. The controlled facilitywhere he is booked has a network application that is able to obtaincontacts from Jeff cell phone. As part of the process, each contact inJeff's cell phone is analyzed to determine whether Jeff is allowed tocommunicate with said contact. In other words, the contacts are filteredto remove prohibited contacts. Thus, contacts that are known members ofRuff Gang are removed. Further, known cocaine users who are contacts,and, and therefore, may be witnesses to Jeff's illegal activities areremoved. The remaining contacts include Jeff's family members, hisattorney, and a few upstanding friends. Jeff decides that he does notwant some of the contacts to know that he is incarcerated. So, Jeffselects a certain set of contacts to be in his network list and leavesthe remaining contacts unselected. The warden and assistant warden mayadd themselves as superfriend of Jeff to review his communications.

Thus, although Jeff did not remember any of his contacts when he wasbooked into the controlled facility, he is still able to communicatewith his contacts. Further, in accordance with certain embodiments ofthe invention, the contacts he has in his network list are confirmed tobe those individuals with whom he may communicate without violatingregulations or restrictions. Additionally, one or more embodiments allowfor oversight of Jeff's messages to ensure that the messages do notviolate regulations going forward.

While the invention has been described with respect to a limited numberof embodiments, those skilled in the art, having benefit of thisdisclosure, will appreciate that other embodiments can be devised whichdo not depart from the scope of the invention as disclosed herein.Accordingly, the scope of the invention should be limited only by theattached claims.

What is claimed is:
 1. A method for network priming for an inmate of acontrolled facility, comprising: receiving authentication credentialsfor the inmate to access a third party social network; importing, via anapplication programming interface (API) provided by the third partysocial network, a plurality of social network contacts from the thirdparty social network, wherein importing the plurality of social networkcontacts comprises performing social network crawling to identify atleast one individual indirectly connected to the inmate with a degree ofconnection more than 1, and wherein the degree of the connection is anumber of connections between the inmate and the individual; filteringthe plurality of social network contacts for prohibited contacts;presenting the inmate with the plurality of social network contacts;receiving, from the inmate, a selection of social network contacts fromthe plurality of social network contacts to obtain a plurality ofselected social network contacts; populating a secure social networklist of the inmate with the plurality of selected social networkcontacts; downloading, from the third party social network via the API,content of the inmate using the authentication credentials, the contentcomprising a plurality of photos that are buffered pending analysis,wherein at least one of the plurality of photos is tagged with anidentity by the third party social network; analyzing the plurality ofphotos in the content to identify a plurality of individuals in theplurality of photos, wherein analyzing the plurality of photoscomprises: comparing the plurality of photos with a plurality of currentand former inmates in the controlled facility to identify the pluralityof individuals; investigating the inmate using the plurality ofindividuals identified from the plurality of photos in the content andthe at least one individual from social networking crawling; filteringthe content; and presenting the filtered content to the inmate.
 2. Themethod of claim 1, further comprising: importing a plurality of mobiledevice contacts from a mobile device used by the inmate; filtering theplurality of mobile device contacts for prohibited contacts; presentingthe inmate with the plurality of mobile device contacts; receiving, fromthe inmate, a selection of mobile device contacts from the plurality ofmobile device to obtain a plurality of selected telephone contacts; andpopulating a telephone list of the inmate with the plurality of selectedtelephone contacts.
 3. The method of claim 2, further comprising:obtaining a social network identifier for at least one contact in theplurality of telephone contacts; and populating the plurality of socialnetwork contacts with the social network identifier for the at least onecontact.
 4. The method of claim 2, further comprising: reviewing theplurality of mobile device contacts for persons-of-interest; andnotifying an administrator when a person-of-interest is found in theplurality of mobile device contacts.
 5. The method of claim 2, furthercomprising: authenticating the inmate for telephone communication;receiving, in response to authenticating the inmate, a connectionrequest to communicate with a telephone contact; and connecting, via atelephone network, the inmate to the telephone contact when thetelephone contact is in the telephone list of the inmate.
 6. The methodof claim 1, further comprising: adding an administrator to the securesocial network list of the inmate; and providing the administrator withan administrative privilege and a removal protection from the securesocial network list.
 7. The method of claim 1, further comprising:receiving a request from an inmate for a connection to a new contact;flagging, based on a determination that the new contact is a prohibitedcontact, the new contact to obtain a flagged contact; and presenting theflagged contact to an administrator for approval.
 8. The method of claim1, further comprising: receiving a notification of a release of theinmate; and for each contact in the secure social network list of theinmate: removing, based on the release, a connection between the inmateand the contact when communication with the contact post confinement isprohibited.
 9. The method of claim 8, wherein removing the connectioncomprising: removing the contact from the secure social network contactlist of the inmate; and removing the inmate from a secure social networkcontact list of the contact.
 10. The method of claim 1, furthercomprising: authenticating the inmate for secure social networkcommunication; and connecting, via a secure social network, the inmateto the secure social network list when the inmate is authenticated. 11.The method of claim 1, wherein comparing the plurality of photos withthe plurality of current and former inmates in the controlled facilityto identify the plurality of individuals comprises: searching for abiometric match between a face in at least one photo of the plurality ofphotos and biometric data of the plurality of current and formerinmates, if the photo is not tagged with an identity by the third partysocial network.
 12. A system for network priming for an inmate of acontrolled facility, comprising: a computer processor; a database servercomprising an inmate account, wherein the inmate account comprises asecure social network list; a network application executing on thecomputer processor and comprising: a controlled setup module configuredto: receive authentication credentials for the inmate to access a thirdparty social network; import, via an application programming interface(API) provided by the third party social network, a plurality of socialnetwork contacts from the third party social network, wherein importingthe plurality of social network contacts comprises performing socialnetwork crawling to identify at least one individual indirectlyconnected to the inmate with a degree of connection more than 1, andwherein the degree of the connection is number of connections betweenthe inmate and the individual; filter the plurality of social networkcontacts for prohibited contacts; present the inmate with the pluralityof social network contacts; receive, from the inmate, a selection ofsocial network contacts from the plurality of social network contacts toobtain a plurality of selected social network contacts; populate asecure social network list in the inmate account with the plurality ofselected social network contacts; download, from the third party socialnetwork via the API, content of the inmate using the authenticationcredentials, the content comprising a plurality of photos that arebuffered pending analysis, wherein at least one of the plurality ofphotos is tagged with an identity by the third party social network;analyze the plurality of photos in the content to identify a pluralityof individuals in the plurality of photos, wherein analyzing theplurality of photos comprises: comparing the plurality of photos with aplurality of current and former inmates in the controlled facility toidentify the plurality of individuals; investigate the inmate using theplurality of individuals identified from the plurality of photos in thecontent and the at least one individual from social networking crawling;filter the content; and present the filtered content to the inmate. 13.The system of claim 12, wherein the inmate account further comprises atelephone network list, and wherein the controlled setup module isfurther configured to: import a plurality of mobile device contacts froma mobile device used by the inmate; filter the plurality of mobiledevice contacts for prohibited contacts; present the inmate with theplurality of mobile device contacts; receive, from the inmate, aselection of mobile device contacts from the plurality of mobile devicecontacts to obtain a plurality of selected telephone contacts; andpopulate a telephone list of the inmate with the plurality of selectedtelephone contacts.
 14. The system of claim 13, further comprising: areviewer application configured to: review the plurality of mobiledevice contacts for persons-of-interest; and notify an administratorwhen a person-of-interest is found in the plurality of mobile devicecontacts.
 15. The system of claim 13, further comprising: an inmatephone for connecting to a telephone network, wherein the networkapplication further comprises: an authentication module configured toauthenticate the inmate for telephone communication; and a communicationmodule configured to: receive, in response to authenticating the inmate,a connection request to communicate with a telephone contact; andconnect, using the inmate phone, the inmate to the telephone contactwhen the telephone contact is in the telephone list of the inmate. 16.The system of claim 12, wherein the database server further comprises asuperfriend account for an administrator, and wherein the controlledsetup module is further configured to: generate the superfriend accountfor the administrator; and add an administrator to the secure socialnetwork list of the inmate, wherein the superfriend account comprises anadministrative privilege and a removal protection in the secure socialnetwork list of the inmate.
 17. The system of claim 12, furthercomprising: an inmate kiosk for connecting to a secure social network,wherein the network application further comprises: an authenticationmodule configured to authenticate the inmate for secure social networkcommunication; and a communication module configured to: connect, viathe secure social network, the inmate to the secure social network listwhen the inmate is authenticated.
 18. The system of claim 12, whereincomparing the plurality of photos with the plurality of current andformer inmates in the controlled facility to identify the plurality ofindividuals comprises: searching for a biometric match between a face inat least one photo of the plurality of photos and biometric data of theplurality of current and former inmates, if the photo is not tagged withan identity by the third party social network.
 19. A non-transitorycomputer readable medium for network priming for an inmate of acontrolled facility, the non-transitory computer readable mediumcomprising computer readable program code for: receiving authenticationcredentials for the inmate to access a third party social network;importing, via an application programming interface (API) provided bythe third party social network, a plurality of social network contactsfrom the third party social network, wherein importing the plurality ofsocial network contacts comprises performing social network crawling toidentify at least one individual indirectly connected to the inmate witha degree of connection more than 1, and wherein the degree of theconnection is number of connections between the inmate and theindividual; filtering the plurality of social network contacts forprohibited contacts; presenting the inmate with the plurality of socialnetwork contacts; receiving, from the inmate, a selection of socialnetwork contacts from the plurality of social network contacts to obtaina plurality of selected social network contacts; populating a securesocial network list of the inmate with the plurality of selected socialnetwork contacts; downloading, from the third party social network viathe API, content of the inmate using the authentication credentials, thecontent comprising a plurality of photos that are buffered pendinganalysis, wherein at least one of the plurality of photos is tagged withan identity by the third party social network; analyzing the pluralityof photos in the content to identify a plurality of individuals in theplurality of photos, wherein analyzing the plurality of photoscomprises: comparing the plurality of photos with a plurality of currentand former inmates in the controlled facility to identify the pluralityof individuals; investigating the inmate using the plurality ofindividuals identified from the plurality of photos in the content andthe at least one individual from social networking crawling; filteringthe content; and presenting the filtered content to the inmate.
 20. Thenon-transitory computer readable medium of claim 19, further comprisingcomputer readable program code for: importing a plurality of mobiledevice contacts from a mobile device confiscated from the inmate;filtering the plurality of mobile device contacts for prohibitedcontacts; presenting the inmate with the plurality of mobile devicecontacts; receiving, from the inmate, a selection of mobile devicecontacts from the plurality of mobile device contacts to obtain aplurality of selected telephone contacts; and populating a telephonelist of the inmate with the plurality of selected telephone contacts.21. The non-transitory computer readable medium of claim 20, furthercomprising computer readable program code for: obtaining a socialnetwork identifier for at least one contact in the plurality oftelephone contacts; and populating the plurality of social networkcontacts with the social network identifier for the at least onecontact.
 22. The non-transitory computer readable medium of claim 19,further comprising computer readable program code for: adding anadministrator to the secure social network list of the inmate; andproviding the administrator with an administrative privilege and aremoval protection from the secure social network list.